Can I use a build-in account to access different network drivers in IIS7?

109 views Asked by At

I have to use one weird IIS7 web app which needs access to three network drivers: the first one is on NAS, the other two are shared folders on different Windows servers. But this weird IIS web app needs to use the same account to access all the three folders. So far, I have tried these combinations:

  1. use NAS account to access NAS is IIS7: yes
  2. use pass through account to access NAS in IIS7: yes
  3. use windows account to access network driver in IIS7: yes
  4. use pass through account to access network driver in IIS7: no

The NAS account has an ip prefix which Windows do not support, that is why I can not force all the network drives to use the same account.

I do not know why IIS7 can not use a pass through account (LocalService, LocalSystem, NetworService, or ApplicationPoolIdentify) to access net shared folder by Windows, while IIS7 can use a build-in account to access NAS. That does not make sense.

Please help!


When NAS and all the three servers in the same domain, this article can solve this problem ApplicationPoolIdentity user cannot modify files in shared folder in Windows Server 2008.

Go to the Shared Folder –> right click –> properties -> security –>edit –> add (so far as usual ) -> choose object types –> check on computers –> now enter the computer name where your application is working from , where you published your IIS application.

But there is no domain in my condition.

1

There are 1 answers

0
neohope On BEST ANSWER

There are three ways to solve this problem:

1、Add the same windows account/same password in all the three network driver servers.

In IIS7, use this windows account as identity.

However NAS account requires ip prefix, while Windows account do not allow ip prefix. So I can not use this one.

2、Add the servers to the same domain, allow IIS7 server to access network drivers in all the network driver servers.

However, the end user do not allow me to do this.

3、At last I wrote another IIS7 web app,which helps the weird IIS7 web app logs in all there network drivers.

The end user have to access my web app once, before they can use the weird IIS7 web app.

In my web app, I used this API a lot: WNetAddConnection2.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Runtime.InteropServices;

namespace IISReadDiskTest
{
    public class NetworkDrive
    {
        public enum ResourceScope
        {
            RESOURCE_CONNECTED = 1,
            RESOURCE_GLOBALNET,
            RESOURCE_REMEMBERED,
            RESOURCE_RECENT,
            RESOURCE_CONTEXT
        }

        public enum ResourceType
        {
            RESOURCETYPE_ANY,
            RESOURCETYPE_DISK,
            RESOURCETYPE_PRINT,
            RESOURCETYPE_RESERVED
        }

        public enum ResourceUsage
        {
            RESOURCEUSAGE_CONNECTABLE = 0x00000001,
            RESOURCEUSAGE_CONTAINER = 0x00000002,
            RESOURCEUSAGE_NOLOCALDEVICE = 0x00000004,
            RESOURCEUSAGE_SIBLING = 0x00000008,
            RESOURCEUSAGE_ATTACHED = 0x00000010,
            RESOURCEUSAGE_ALL = (RESOURCEUSAGE_CONNECTABLE | RESOURCEUSAGE_CONTAINER | RESOURCEUSAGE_ATTACHED),
        }

        public enum ResourceDisplayType
        {
            RESOURCEDISPLAYTYPE_GENERIC,
            RESOURCEDISPLAYTYPE_DOMAIN,
            RESOURCEDISPLAYTYPE_SERVER,
            RESOURCEDISPLAYTYPE_SHARE,
            RESOURCEDISPLAYTYPE_FILE,
            RESOURCEDISPLAYTYPE_GROUP,
            RESOURCEDISPLAYTYPE_NETWORK,
            RESOURCEDISPLAYTYPE_ROOT,
            RESOURCEDISPLAYTYPE_SHAREADMIN,
            RESOURCEDISPLAYTYPE_DIRECTORY,
            RESOURCEDISPLAYTYPE_TREE,
            RESOURCEDISPLAYTYPE_NDSCONTAINER
        }

        [StructLayout(LayoutKind.Sequential)]
        private class NETRESOURCE
        {
            public ResourceScope dwScope = 0;
            public ResourceType dwType = 0;
            public ResourceDisplayType dwDisplayType = 0;
            public ResourceUsage dwUsage = 0;
            public string lpLocalName = null;
            public string lpRemoteName = null;
            public string lpComment = null;
            public string lpProvider = null;
        }

        [DllImport("mpr.dll")]
        private static extern int WNetAddConnection2(NETRESOURCE lpNetResource, string lpPassword, string lpUsername, int dwFlags);

        public static int MapNetworkDrive(string remotePath, string localDrive, string userName, string passWord)
        {
            NETRESOURCE myNetResource = new NETRESOURCE();
            myNetResource.lpLocalName = localDrive;
            myNetResource.lpRemoteName = remotePath;
            myNetResource.lpProvider = null;
            int result = WNetAddConnection2(myNetResource, passWord, userName, 0);
            return result;
        }
    }
}